Hello, I set up a free ssl certificate on my website using this tutorial: howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl I was thinking that my certificate works fine because I no longer get certificate errors. I don't know much about different types of connection protocols but when I noticed that my browser (chrome) gives me a warning ("This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.") for my website and doesn't give this error for some other web sites, I did some research and found this article telling me that sha-1 lacks security: googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html Did I do some wrong choise when I was setting up my website? Is it possible to use TLS 1.2 or any other secure way that doesn't make the browsers complain while still using free certificate on ispconfig? Thank you in advance.
This issue is not related to ispconfig, the ssl cipher suites are configured by the OS in the global apache ssl config file. You can disable weak SSL ciphers there. Beside that, you should check that the intermediate ssl certs that you added is using strong ciphers.
